It's a small zone. Kinda important thou, i guess. Mehmet
> On Nov 6, 2014, at 7:42 AM, ALAIN AINA <aal...@trstech.net> wrote: > > >> On Nov 6, 2014, at 3:13 PM, Mehmet Akcin wrote: >> >> I would be glad to help with signing. I have experience signing some small >> zones > > Small zones like the root zone ??:-) > > > > --Alain > >> >> Mehmet >> >>> On Nov 6, 2014, at 7:09 AM, Dr Eberhard Lisse <e...@lisse.na> wrote: >>> >>> Julie, >>> >>> as a heads up, the TechWg is considering to do a very lightweight key >>> signing ceremony. Ie something for small (cc)TLDs, just the technical >>> side, not the two-person rule thing. >>> >>> I'd like to have Rick Lamb help us if he can, but don't know who to ask. >>> >>> If that works out I would like to see this becoming a regular >>> occurrence. And if that worked one could even look at increasing the >>> levels... >>> >>> el >>> >>> >>>> On 2014-11-06 16:07, Julie Hedlund wrote: >>>> Call for Participation -- ICANN DNSSEC Workshop at ICANN 52 in Singapore >>>> >>>> >>>> >>>> The DNSSEC Deployment Initiative and the Internet Society Deploy360 >>>> Programme, in cooperation with the ICANN Security and Stability Advisory >>>> Committee (SSAC), are planning a DNSSEC Workshop at the ICANN 52 meeting >>>> on 11 February 2015 in Singapore. The DNSSEC Workshop has been a part >>>> of ICANN meetings for several years and has provided a forum for both >>>> experienced and new people to meet, present and discuss current and >>>> future DNSSEC deployments. For reference, the most recent session was >>>> held at the ICANN meeting in Los Angeles on 15 October 2014. The >>>> presentations and transcripts are >>>> available at: http://la51.icann.org/en/schedule/wed-dnssec. >>>> >>>> >>>> >>>> We are seeking presentations on the following topics: >>>> >>>> >>>> >>>> 1. DNSSEC activities in Asia >>>> >>>> >>>> >>>> For this panel we are seeking participation from those who have >>>> been involved in DNSSEC deployment in Asia and also from those who have >>>> not deployed DNSSEC but who have a keen interest in the challenges and >>>> benefits of deployment. In particular, we will consider the following >>>> questions: What can DNSSEC do for you? What doesn't it do? What are >>>> the internal tradeoffs to implementing DNSSEC? What did you learn in >>>> your deployment of DNSSEC? We are interested in presentations from both >>>> people involved with the signing of domains and people involved with the >>>> deployment of DNSSEC-validating DNS resolvers. >>>> >>>> >>>> >>>> 2. Potential impacts of Root Key Rollover >>>> >>>> >>>> >>>> Given many concerns about the need to do a Root Key Rollover, we would >>>> like to bring together a panel of people who can talk about what the >>>> potential impacts may be to ISPs, equipment providers and end users, and >>>> also what can be done to potentially mitigate those issues. In >>>> particular, we are seeking participation from vendors, ISPs, and the >>>> community that will be affected by distribution of new root keys. We >>>> would like to be able to offer suggestions out of this panel to the >>>> wider technical community. If you have a specific concern about the >>>> Root Key Rollover, or believe you have a method or solution to help >>>> address impacts, we would like to hear from you. >>>> >>>> >>>> >>>> 3. New gTLD registries and administrators implementing DNSSEC >>>> >>>> >>>> >>>> With the launch of the new gTLDs, we are interested in hearing from >>>> registries and operators of new gTLDs about what systems and processes >>>> they have implemented to support DNSSEC. As more gTLDs are launched, is >>>> there DNSSEC-related information that can be shared to help those >>>> launches go easier? >>>> >>>> >>>> >>>> 4. Guidance for Registrars in supporting DNSSEC >>>> >>>> >>>> >>>> The 2013 Registrar Accreditation Agreement (RAA) for registrars and >>>> resellers requires them to support DNSSEC from January 1, 2014. We are >>>> seeking presentations discussing: >>>> >>>> * What are the specific technical requirements of the RAA and how can >>>> registrars meet those requirements? >>>> >>>> * What tools and systems are available for registrars that include >>>> DNSSEC support? >>>> >>>> * What information do registrars need to provide to >>>> resellers and ultimately customers? >>>> >>>> >>>> >>>> We are particularly interested in hearing from registrars who have >>>> signed the 2013 RAA and have either already implemented DNSSEC support >>>> or have a plan for doing so. >>>> >>>> >>>> 5. APIs between the Registrars and DNS hosting operators >>>> >>>> >>>> >>>> One specific area that has been identified as needing focus is the >>>> communication between registrars and DNS hosting operators, specifically >>>> when these functions are provided by different entities. Currently, the >>>> communication, such as the transfer of a DS record, often occurs by way >>>> of the domain name holder copying and pasting information from one web >>>> interface to another. How can this be automated? We would welcome >>>> presentations by either registrars or DNS hosting operators who have >>>> implemented APIs for the communication of DNSSEC information, or from >>>> people with ideas around how such APIs could be constructed. >>>> >>>> >>>> >>>> 6. Implementing DNSSEC validation at Internet Service Providers (ISPs) >>>> >>>> >>>> Internet Service Providers (ISPs) play a critical role by enabling >>>> DNSSEC validation for the caching DNS resolvers used by their customers. >>>> We have now seen massive rollouts of DNSSEC validation within large >>>> North American ISPs and at ISPs around the world. We are interested in >>>> presentations on topics such as: >>>> >>>> * What does an ISP need to do to prepare its network for implementing >>>> DNSSEC validation? >>>> >>>> * How does an ISP need to prepare its support staff and technical staff >>>> for the rollout of DNSSEC validation? >>>> >>>> * What measurements are available about the degree of DNSSEC validation >>>> currently deployed? >>>> >>>> * What tools are available to help an ISP deploy DNSSEC validation? >>>> >>>> * What are the practical server-sizing impacts of enabling DNSSEC >>>> validation on ISP DNS Resolvers (ex. cost, memory, CPU, bandwidth, >>>> technical support, etc.)? >>>> >>>> >>>> >>>> 7. The operational realities of running DNSSEC >>>> >>>> >>>> >>>> Now that DNSSEC has become an operational norm for many >>>> registries, registrars, and ISPs, what have we learned about how we >>>> manage DNSSEC? What is the best practice around key rollovers? How often >>>> do you review your disaster recovery procedures? Is there operational >>>> familiarity within your customer support teams? What operational >>>> statistics have we gathered about DNSSEC? Are there experiences being >>>> documented in the form of best practices, or something similar, for >>>> transfer of signed zones? >>>> >>>> >>>> >>>> 8. DNSSEC automation >>>> >>>> >>>> >>>> For DNSSEC to reach massive deployment levels it is clear that a higher >>>> level of automation is required than is currently available. Topics for >>>> which we would like to see presentations include: >>>> >>>> * What tools, systems and services are available to help automate DNSSEC >>>> key management? >>>> >>>> * Can you provide an analysis of current tools/services and identify gaps? >>>> >>>> * Where are the best opportunities for automation within DNSSEC signing >>>> and validation processes? >>>> >>>> * What are the costs and benefits of different approaches to automation? >>>> >>>> >>>> >>>> 9. When unexpected DNSSEC events occur >>>> >>>> >>>> >>>> What have we learned from some of the operational outages that we >>>> have seen over the past 18 months? Are there lessons that we can pass on >>>> to those just about to implement DNSSEC? How do you manage dissemination >>>> of information about the outage? What have you learned about >>>> communications planning? Do you have a route to ISPs and registrars? How >>>> do you liaise with your CERT community? >>>> >>>> >>>> >>>> 10. DANE and DNSSEC applications >>>> >>>> >>>> >>>> There is strong interest for DANE usage within web transactions as well >>>> as for securing email and Voice-over-IP (VoIP). We are seeking >>>> presentations on topics such as: >>>> >>>> * What are some of the new and innovative uses of DANE and other DNSSEC >>>> applications in new areas or industries? >>>> >>>> * What tools and services are now available that can support DANE usage? >>>> >>>> * How soon could DANE and other DNSSEC applications become a deployable >>>> reality? >>>> >>>> * How can the industry use DANE and other DNSSEC applications as a >>>> mechanism for creating a more secure Internet? >>>> >>>> >>>> >>>> We would be particularly interested in any live demonstrations of DNSSEC >>>> / DANE applications and services. For example, a demonstration of the >>>> actual process of setting up a site with a certificate stored in a TLSA >>>> record that correctly validates would be welcome. Demonstrations of new >>>> tools that make the setup of DNSSEC or DANE more automated would also be >>>> welcome. >>>> >>>> >>>> 11. DANE / DNSSEC as a way to secure email >>>> >>>> >>>> >>>> The DNS-based Authentication of Named Entities (DANE) protocol is an >>>> exciting development where DNSSEC can be used to provide a strong >>>> additional trust layer for traditional SSL/TLS certificates. We are both >>>> pleased and intrigued by the growing usage of DANE and DNSSEC as a means >>>> of providing added security for email. Multiple email servers have added >>>> support for DANE records to secure TLS/SSL connections. Some email >>>> providers are marketing DNSSEC/DANE support. We would like to have a >>>> panel at ICANN 51 focusing on this particular usage of DANE. Are you a >>>> developer of an email server or client supporting DANE? Do you provide >>>> DANE / DNSSEC support in your email service? Can you provide a brief >>>> case study of what you have done to implement DANE / DNSSEC? Can you >>>> talk about any lessons you learned in the process? >>>> >>>> >>>> >>>> 12. DNSSEC and DANE in the enterprise >>>> >>>> >>>> >>>> Enterprises can play a critical role in both providing DNSSEC validation >>>> to their internal networks and also through signing of the domains owned >>>> by the enterprise. We are seeking presentations from enterprises that >>>> have implemented DNSSEC on validation and/or signing processes and can >>>> address questions such as: >>>> >>>> * What are the benefits to enterprises of rolling out DNSSEC validation? >>>> And how do they do so? >>>> >>>> * What are the challenges to deployment for these organizations and how >>>> could DANE and other DNSSEC applications address those challenges? >>>> >>>> * How should an enterprise best prepare its IT staff and network to >>>> implement DNSSEC? >>>> >>>> * What tools and systems are available to assist enterprises in the >>>> deployment of DNSSEC? >>>> >>>> * How can the DANE protocol be used within an enterprise to bring a >>>> higher level of security to transactions using SSL/TLS certificates? >>>> >>>> >>>> >>>> 13. Hardware Security Modules (HSMs) use cases and innovation >>>> >>>> >>>> >>>> We are interested in demonstrations of HSMs, presentations of >>>> HSM-related innovations and real world use cases of HSMs and key >>>> management. >>>> >>>> >>>> >>>> In addition, we welcome suggestions for additional topics. >>>> >>>> >>>> >>>> If you are interested in participating, please send a brief (1-2 >>>> sentence) description of your proposed presentation to dnssec- >>>> <mailto:dnssec-singap...@isoc.org>singap...@isoc.org >>>> <mailto:dnssec-singap...@isoc.org> by **Wednesday, 03 December 2014** >>>> >>>> >>>> >>>> We hope that you can join us. >>>> >>>> >>>> >>>> Thank you, >>>> >>>> >>>> >>>> Julie Hedlund >>>> >>>> >>>> >>>> On behalf of the DNSSEC Workshop Program Committee: >>>> >>>> Mark Elkins, DNS/ZACR >>>> >>>> Cath Goulding, Nominet UK >>>> >>>> Jean Robert Hountomey, AfricaCERT >>>> >>>> Jacques Latour, .CA >>>> >>>> Xiaodong Lee, CNNIC >>>> >>>> Luciano Minuchin, NIC.AR >>>> >>>> Russ Mundy, Parsons >>>> >>>> Ondřej Surý, CZ.NIC >>>> >>>> Yoshiro Yoneya, JPRS >>>> >>>> Dan York, Internet Society >>> >>> -- >>> Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (Saar) >>> e...@lisse.na / * | Telephone: +264 81 124 6733 (cell) >>> PO Box 8421 \ / >>> Bachbrecht, Namibia ;____/ >